1. 搭建NFS服务
192.168.31.200
1.1 安装 nfs-utils
yum install nfs-utils -y
systemctl start rpcbind &&systemctl enable rpcbind
systemctl start nfs && systemctl enable nfs
1.2 建立nfs存储目录
echo "/data/kubernetes/ *(rw,no_root_squash,no_all_squash,sync)" >/etc/exports
exportfs -r
1.3 查看nfs挂载
exportfs -v
/data/kubernetes
<world>(sync,wdelay,hide,no_subtree_check,sec=sys,rw,secure,no_root_squash,no_all_squash)
1.5 使得配置生效
showmount -e
Export list for hdss200.host.com:
/data/kubernetes *
如果出现报错 clnt_create: RPC: Program not registered
systemctl stop rpcbind
systemctl stop nfs
systemctl start rpcbind
systemctl start nfs
2. 在master上创建PV
192.168.31.37
2.1 创建rbac
- rbac.yaml
apiVersion: v1
kind: ServiceAccount
metadata:
name: nfs-client-provisioner
namespace: kube-system
---
kind: ClusterRole
apiVersion: rbac.authorization.k8s.io/v1
metadata:
name: nfs-client-provisioner-runner
rules:
- apiGroups: [""]
resources: ["persistentvolumes"]
verbs: ["get", "list", "watch", "create", "delete"]
- apiGroups: [""]
resources: ["persistentvolumeclaims"]
verbs: ["get", "list", "watch", "update"]
- apiGroups: ["storage.k8s.io"]
resources: ["storageclasses"]
verbs: ["get", "list", "watch"]
- apiGroups: [""]
resources: ["events"]
verbs: ["watch", "create", "update", "patch"]
# - apiGroups: [""]
# resources: ["services", "endpoints"]
# verbs: ["get","create","list", "watch","update"]
# - apiGroups: ["extensions"]
# resources: ["podsecuritypolicies"]
# resourceNames: ["nfs-provisioner"]
# verbs: ["use"]
---
kind: ClusterRoleBinding
apiVersion: rbac.authorization.k8s.io/v1
metadata:
name: run-nfs-client-provisioner
subjects:
- kind: ServiceAccount
name: nfs-client-provisioner
namespace: kube-system
roleRef:
kind: ClusterRole
name: nfs-client-provisioner-runner
apiGroup: rbac.authorization.k8s.io
---
kind: Role
apiVersion: rbac.authorization.k8s.io/v1
metadata:
name: leader-locking-nfs-client-provisioner
namespace: kube-system
rules:
- apiGroups: [""]
resources: [ "endpoints"]
verbs: ["get", "list", "watch", "create", "update", "patch"]
---
kind: RoleBinding
apiVersion: rbac.authorization.k8s.io/v1
metadata:
name: leader-locking-nfs-client-provisioner
namespace: kube-system
subjects:
- kind: ServiceAccount
name: nfs-client-provisioner
namespace: kube-system
roleRef:
kind: Role
name: leader-locking-nfs-client-provisioner
apiGroup: rbac.authorization.k8s.io
kubectl apply -f rbac.yaml
2.2创建sc
- storageclass.yaml
apiVersion: storage.k8s.io/v1
kind: StorageClass
metadata:
name: 200-nfs-storage
provisioner: 200-nfs-provisioner #这里要和第三个nfs-client-provisioner的env环境变量中的value值对应。
reclaimPolicy: Retain
3、创建PVC,绑定PV
3.1 创建nfs-client-provisioner容器
- deployment.yaml
apiVersion: apps/v1
kind: Deployment
metadata:
name: nfs-client-provisioner
namespace: kube-system
spec:
replicas: 1 #副本数量为1
strategy:
type: Recreate
selector:
matchLabels:
app: nfs-client-provisioner
template:
metadata:
labels:
app: nfs-client-provisioner
spec:
serviceAccount: nfs-client-provisioner #指定账户
containers:
- name: nfs-client-provisioner
image: harbor.od.com/public/nfs-client-provisioner:latest #使用的是这个镜像
volumeMounts:
- name: nfs-client-root
mountPath: /persistentvolumes #指定容器内的挂载目录
env:
- name: PROVISIONER_NAME #这是这个容器内置的变量
value: 200-nfs-provisioner #这是上面变量的值(名字)
- name: NFS_SERVER #内置变量,用于指定nfs服务的IP
value: 192.168.31.200
- name: NFS_PATH #内置变量,指定的是nfs共享的目录
value: /data/kubernetes
volumes: #这下面是指定上面挂载到容器内的nfs的路径及IP
- name: nfs-client-root
nfs:
server: 192.168.31.200
path: /data/kubernetes
3.2 创建pvc
- test-pvc.yaml
apiVersion: v1
kind: PersistentVolumeClaim
metadata:
name: test-nginx-pvc
namespace: ingress-nginx
spec:
storageClassName: 200-nfs-storage #定义存储类的名字,要和SC的名字对应
accessModes:
- ReadWriteMany #访问模式为RWM
resources:
requests:
storage: 500Mi
4. 创建nginx
- nginx-configmap.yaml
---
apiVersion: v1
data:
default.conf: |
server {
listen 8012;
server_name localhost;
location / {
root /usr/share/nginx/html;
index index.html index.htm;
}
}
mime.types: |
types {
text/html html htm shtml;
text/css css;
text/xml xml;
image/gif gif;
image/jpeg jpeg jpg;
application/javascript js;
application/atom+xml atom;
application/rss+xml rss;
text/mathml mml;
text/plain txt;
text/vnd.sun.j2me.app-descriptor jad;
text/vnd.wap.wml wml;
text/x-component htc;
image/png png;
image/svg+xml svg svgz;
image/tiff tif tiff;
image/vnd.wap.wbmp wbmp;
image/webp webp;
image/x-icon ico;
image/x-jng jng;
image/x-ms-bmp bmp;
font/woff woff;
font/woff2 woff2;
application/java-archive jar war ear;
application/json json;
application/mac-binhex40 hqx;
application/msword doc;
application/pdf pdf;
application/postscript ps eps ai;
application/rtf rtf;
application/vnd.apple.mpegurl m3u8;
application/vnd.google-earth.kml+xml kml;
application/vnd.google-earth.kmz kmz;
application/vnd.ms-excel xls;
application/vnd.ms-fontobject eot;
application/vnd.ms-powerpoint ppt;
application/vnd.oasis.opendocument.graphics odg;
application/vnd.oasis.opendocument.presentation odp;
application/vnd.oasis.opendocument.spreadsheet ods;
application/vnd.oasis.opendocument.text odt;
application/vnd.openxmlformats-officedocument.presentationml.presentation
pptx;
application/vnd.openxmlformats-officedocument.spreadsheetml.sheet
xlsx;
application/vnd.openxmlformats-officedocument.wordprocessingml.document
docx;
application/vnd.wap.wmlc wmlc;
application/x-7z-compressed 7z;
application/x-cocoa cco;
application/x-java-archive-diff jardiff;
application/x-java-jnlp-file jnlp;
application/x-makeself run;
application/x-perl pl pm;
application/x-pilot prc pdb;
application/x-rar-compressed rar;
application/x-redhat-package-manager rpm;
application/x-sea sea;
application/x-shockwave-flash swf;
application/x-stuffit sit;
application/x-tcl tcl tk;
application/x-x509-ca-cert der pem crt;
application/x-xpinstall xpi;
application/xhtml+xml xhtml;
application/xspf+xml xspf;
application/zip zip;
application/octet-stream bin exe dll;
application/octet-stream deb;
application/octet-stream dmg;
application/octet-stream iso img;
application/octet-stream msi msp msm;
audio/midi mid midi kar;
audio/mpeg mp3;
audio/ogg ogg;
audio/x-m4a m4a;
audio/x-realaudio ra;
video/3gpp 3gpp 3gp;
video/mp2t ts;
video/mp4 mp4;
video/mpeg mpeg mpg;
video/quicktime mov;
video/webm webm;
video/x-flv flv;
video/x-m4v m4v;
video/x-mng mng;
video/x-ms-asf asx asf;
video/x-ms-wmv wmv;
video/x-msvideo avi;
}
nginx.conf: |
user nginx;
worker_processes 1;
error_log /var/log/nginx/error.log warn;
pid /var/run/nginx.pid;
events {
worker_connections 1024;
}
http {
include /etc/nginx/mime.types;
default_type application/octet-stream;
log_format main '$remote_addr - $remote_user [$time_local] "$request" '
'$status $body_bytes_sent "$http_referer" '
'"$http_user_agent" "$http_x_forwarded_for"';
access_log /var/log/nginx/access.log main;
sendfile on;
#tcp_nopush on;
keepalive_timeout 65;
#gzip on;
include /etc/nginx/conf.d/*.conf;
}
kind: ConfigMap
metadata:
name: test-nginx
- nginx-deployment.yaml
apiVersion: apps/v1
kind: Deployment
metadata:
name: test-nginx
namespace: ingress-nginx
labels:
k8s-app: test-nginx
spec:
replicas: 1
selector:
matchLabels:
k8s-app: test-nginx
template:
metadata:
labels:
k8s-app: test-nginx
spec:
containers:
- image: 'harbor.od.com/public/nginx:1.16.1'
imagePullPolicy: IfNotPresent
name: test-nginx
ports:
- containerPort: 8012
hostPort: 8012
protocol: TCP
terminationMessagePath: /dev/termination-log
terminationMessagePolicy: File
volumeMounts:
- mountPath: /etc/nginx
name: config-volume
- mountPath: /usr/share/nginx/html/
name: test-volume
dnsPolicy: ClusterFirst
nodeSelector:
app-group: test
restartPolicy: Always
schedulerName: default-scheduler
terminationGracePeriodSeconds: 30
volumes:
- configMap:
defaultMode: 420
items:
- key: nginx.conf
path: nginx.conf
- key: mime.types
path: mime.types
- key: default.conf
path: conf.d/default.conf
name: test-nginx
name: config-volume
- name: test-volume
persistentVolumeClaim:
claimName: test-nginx-pvc
5. 在nfs服务器上写 index.html
cd /data/kubernetes/
cd ingress-nginx-test-nginx-pvc-pvc-5054b549-cdb1-4e9a-a87e-10e3de7f5dd7/
echo 'test' > index.html
6. 访问 nginx
- 找到nginx的pod的ip地址
kubectl get pods -n ingress-nginx -owide |grep test-nginx
- 访问nginx
curl 172.16.236.255:8012
